It also deals with the transfer of personal data outside the EU. The main objectives of the GDPR are (i) to improve the protection of EU personal data and (ii) to simplify the regulatory environment for international companies by imposing uniform data protection requirements on all EU members. Gain complete visibility into shadow IT, block risky applications, and quickly identify dangerous data sharing, all with a single, unified DLP strategy. Cloud applications improve productivity, but don't provide enough visibility into data access or sharing. Complying with HIPAA regulations and protecting sensitive patient data can be challenging as patient care methods continue to evolve. Zscaler helps healthcare organizations improve their security posture and enforce consistent security and access policies for all users, regardless of where their users work with patients – in a healthcare facility, online, or via a mobile device. In addition, Zscaler maintains its certification for the EU-US and Swiss-US Privacy Shield Frameworks. Although Zscaler does not rely on the EU-US Privacy Shield Framework as the legal basis for the transfer of personal data in light of the Court of Justice ruling in Case C-311/18, we are committed to complying with the EU-US Privacy Shield Framework.
We understand that the message sent by the European judge in the Schrems II case is that, depending on a case-by-case assessment of the circumstances of the specific data transfer, certain additional measures may be necessary to ensure that the law of the country to which the data is transferred does not compromise the adequate level of protection guaranteed by the EU Standard Contractual Clauses. Zscaler is a powerful, cloud-native platform that audits all Internet and SSL traffic, protects all sensitive data during upload and download, and provides users with fast and consistent security regardless of their location. Define what information about your company is classified as personal data and fully understand how this data is stored and processed by your suppliers, partners and third parties. This process will reveal your data footprint. (2) How does Zscaler protect the personal data it processes and/or stores? To help our customers comply with the GDPR, we have compiled a comprehensive, side-by-side view of controller vs. processor responsibilities: the customer's obligations as a data controller and Zscaler's obligations as a data processor. This chart is a useful tool for our customers to better understand what exactly they need to do to comply with the GDPR and what they can expect from Zscaler. In light of the Schrems II judgment, Zscaler confirms that it will continue to offer its products and services in full compliance with applicable data protection laws.
Zscaler processes personal data in the data center closest to the location of our customers' users (i.e. EU data centers for EU users, U.S. data centers for U.S. users). In the event that an EU user travels to the United States, Zscaler processes their personal data from the nearest data center, which would be located in the United States. We process personal data only for the purpose of providing services to our customers and for any other purpose authorised by the data subject or controller. Zscaler will only process personal data in a manner consistent with the purpose for which Zscaler collected the personal data or for purposes subsequently authorised by the natural or legal person providing the personal data. Before using your personal data for purposes materially different from those for which it was collected or which you subsequently authorised, we will give you the opportunity to unsubscribe. Zscaler maintains reasonable procedures to ensure that personal information is reliable, accurate, complete and up-to-date for the intended use. Zscaler's teams have thoroughly analyzed the GDPR to ensure that our services and agreements comply with new regulations, and we are also committed to helping you with your compliance efforts.
Zscaler implements physical, technical and organizational security measures to ensure a level of security appropriate to the risk in accordance with the standards of Article 32 of the GDPR. Zscaler is ISO 27001 and System and Organization Controls (SOC) 2, Type II certified and is audited annually by a third party to ensure continued compliance with these certifications. Zscaler regularly tests, assesses and evaluates the effectiveness of its security measures. Upon written request and subject to appropriate confidentiality protection, Zscaler may provide the Customer with a copy of its latest ISO 27001 certificate and/or SOC 2, Type II report. For more information, see www.zscaler.com/privacy-company/compliance. You may have the option to choose binding arbitration to resolve your claim in certain circumstances, provided that you have taken the following steps: (1) submitted your complaint directly to Zscaler and given us an opportunity to resolve the issue; (2) made use of the above-mentioned independent dispute resolution mechanism; and (3) resolved the issue through the appropriate data protection authority and given the U.S. Department of Commerce the opportunity to resolve the complaint at no cost to you. For more information about binding arbitration, see U.S. Department of Commerce Privacy Shield Framework: Appendix I (Binding Arbitration) at ec.europa.eu/justice/data-protection/files/annexes_eu-us_privacy_shield_en.pdf. The way Zscaler transfers personal data outside the EU to provide our products and services has not changed. The European judge's decision does not affect how Zscaler provides its products and services, our data feeds or how we store customer logs. In the past, Zscaler has provided its customers with protection for international data transfers under the EU Standard Contractual Clauses and the Privacy Shield Framework.